From bf35f1a1bc6eb9760aae0019f2ce7f53ce590d1c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Mon, 27 Nov 2006 12:10:22 +0000
Subject: [PATCH] Expand crypto-select
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19152 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/hxtool-commands.in | 17 ++++++++++++-
 lib/hx509/hxtool.c | 49 +++++++++++++++++++++++++++++++-----
 2 files changed, 59 insertions(+), 7 deletions(-)
diff --git a/lib/hx509/hxtool-commands.in b/lib/hx509/hxtool-commands.in
index e5d4b9923..368f2c8dc 100644
--- a/lib/hx509/hxtool-commands.in
+++ b/lib/hx509/hxtool-commands.in
@@ -389,9 +389,24 @@ command = {
 help = "Print available CMS crypto types"
 }
 command = {
+ option = {
+ long = "type"
+ type = "string"
+ help = "type of CMS algorithm"
+ }
+ option = {
+ long = "certificate"
+ type = "string"
+ help = "source certificate limiting the choices"
+ }
+ option = {
+ long = "peer-cmstype"
+ type = "strings"
+ help = "peer limiting cmstypes"
+ }
 name = "crypto-select"
 min_args="0"
- help = "Print available CMS crypto types"
+ help = "Print selected CMS type"
 }
 command = {
 name = "help"
diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c
index fe38619f4..a953a050d 100644
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -1015,21 +1015,58 @@ crypto_available(void *opt, int argc, char **argv)
 }
 int
-crypto_select(void *opt, int argc, char **argv)
+crypto_select(struct crypto_select_options *opt, int argc, char **argv)
 {
+ hx509_peer_info peer = NULL;
+ AlgorithmIdentifier selected;
 int ret;
 char *s;
- AlgorithmIdentifier val;
+ int type = HX509_SELECT_DIGEST;
- ret = hx509_crypto_select(context, HX509_SELECT_DIGEST,
- NULL, NULL, &val);
+ if (opt->type_string) {
+ if (strcmp(opt->type_string, "digest") == 0)
+ type = HX509_SELECT_DIGEST;
+ else if (strcmp(opt->type_string, "public-sig") == 0)
+ type = HX509_SELECT_PUBLIC_SIG;
+ else
+ errx(1, "unknown type: %s", opt->type_string);
+ }
+
+ if (opt->peer_cmstype_strings.num_strings) {
+ AlgorithmIdentifier *val;
+ size_t i;
+
+ ret = hx509_peer_info_alloc(context, &peer);
+ if (ret)
+ errx(1, "hx509_peer_info_alloc");
+
+ val = calloc(opt->peer_cmstype_strings.num_strings, sizeof(*val));
+ if (val == NULL)
+ err(1, "malloc");
+
+ for (i = 0; i < opt->peer_cmstype_strings.num_strings; i++) {
+ ret = der_parse_heim_oid (opt->peer_cmstype_strings.strings[i],
+ " .", &val[i].algorithm);
+ if (ret)
+ errx(1, "der_parse_heim_oid failed on: %s",
+ opt->peer_cmstype_strings.strings[i]);
+ }
+
+ ret = hx509_peer_info_set_cms_algs(context, peer, val,
+ opt->peer_cmstype_strings.num_strings);
+ if (ret)
+ errx(1, "hx509_peer_info_set_cms_algs");
+
+ }
+
+ ret = hx509_crypto_select(context, type, NULL, peer, &selected);
 if (ret)
 errx(1, "hx509_crypto_available");
- der_print_heim_oid (&val.algorithm, '.', &s);
+ der_print_heim_oid (&selected.algorithm, '.', &s);
 printf("%s\n", s);
 free(s);
- free_AlgorithmIdentifier(&val);
+ free_AlgorithmIdentifier(&selected);
 return 0;
 }
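Review bot: The result of `der_print_heim_oid` near the end of crypto_select is discarded, so if it fails (it presumably returns an error code the way `der_parse_heim_oid` does) `s`, which is declared without an initializer, reaches `printf` and `free` while indeterminate; suggest `ret = der_print_heim_oid(&selected.algorithm, '.', &s);` followed by `if (ret) errx(1, "der_print_heim_oid");`. The `val` array from `calloc` and the `peer` object are never released on the success path; if `hx509_peer_info_set_cms_algs` copies its input (not visible in this hunk), `val` and the OIDs parsed into it should be freed right after that call and `peer` freed before `return 0`. The new `--certificate` option declared in hxtool-commands.in is not read here, and `hx509_crypto_select` is still called with `NULL` as its third argument, so the printed algorithm is not limited by the certificate as the help text promises. The `errx` after `hx509_crypto_select` still reports `"hx509_crypto_available"`, which names the wrong call when a selection fails.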